Plan to Zero (#19) Fail Useful

Cyber issues exist and will always exist.

Hackers and other bad actors are constantly scanning for vulnerabilities, and in some cases exploiting them, and in others saving them for a future attack.

Once the electric grid is the ONLY way to deliver power. Any disruption to power flow is potentially life threatening.

The distribution portion of the grid used to be invulnerable to cyber issues.

Beyond metering there was little to no remote access, control, or monitoring deployed.

Today that is changing, with lots of communications and remote devices being installed. Mechanical reclosers, mechanical voltage regulators and other non-communicating devices, are all being replaced with digital devices. From invulnerable to vulnerable.

The key is to change the rules for how devices “fail”. Instead of failing not delivering power, devices have to deliver power when they “fail”.
No measurement devices have to have the right engineering to open when faults happen – regardless, but they also need to not open when something that is injected into the communications side of the device trying to spoof them.

This is a tricky road to navigate, the first standards will not get it right, but it is something that we should aspire to.

Devices must react to real issues; the measurement side may have to have hard coded defaults. The digital side may need to be isolated from the physical side.

Right now this sort of discussion is not happening at the right levels.
The key is to make sure devices fail useful.